Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/electr0lulz/Mass-exploit-CVE-2022-29464

Mass Exploit for CVE 2022-29464 on Carbon

0day auto-exploiter bash carbon cve cve-2022-29464 exploit massexploit python shodan


## Meow Meow Meow!

Just a Mass Exploit based on a Python PoC for WSO2 Carbon Server [CVE-2022-29464](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29464)

Pre-auth RCE bug [CVE-2022-29464](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29464).

## Meow Meow Meow? Requirements?



Python3

Shodan

Zoomeye

A Brain

## What is this tool?

This is a mass-autoscan-exploit of [CVE-2022-29464](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29464) based on the PoC written in Python by a third party.

The Py file is available and readable; see also the bash script, which doesn't contain any encoded strings.

Massexploit will upload a shell and a reverse shell and print out the path to access it. Easy, Quick and Cool.

I know that the code could probably be written better, saving some lines, but I did it when I was drunk and just to do something.

So?

Just run:

```bash
./mass_exploit.sh
```
This command can set up your Shodan and ZoomEye tools, API included (if you want to skip the setup of the tools or API, just press Enter).

Then it starts searching for vulnerable hosts based on the dorks (examples are provided in the file examples_dorks.txt).

If you prefer, the manual mode is always available through the command below.

The mass_exploit.sh output will be printed in the shell screen.

![PoC](https://github.com/electr0lulz/Mass-exploit-CVE-2022-29464/blob/12c649eddaed6033a1aec05d27fc93408900a128/poc.png)

```bash
python3 exploit.py -u host:port
```
or easily:

```bash
python3 exploit.py -f
```
################################################################

## Search tools:

## Shodan

Get your account and an API Key here: https://account.shodan.io/

```bash
sudo apt-get install python-setuptools -y
sudo apt-get install pip -y
pip install shodan
easy_install shodan
```
## Zoomeye

Get an account and your API Key here: https://www.zoomeye.org/
```bash
pip3 install git+https://github.com/knownsec/ZoomEye-python.git
```
## Enjoy it

This tool has been provided just for academic purposes. I am not responsible for any illegal action made with this code.

Electrolulz - https://github.com/electr0lulz

Tested on an Ubuntu-based OS.